9826456992
- fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling - fix CVE-2009-0945 - NULL-pointer dereference in the SVGList interface impl
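--- a/khtml/html/htmltokenizer.cpp (revision 1002162)
+++ b/khtml/html/htmltokenizer.cpp (revision 1002163)
@@ -1038,7 +1038,7 @@
 #ifdef TOKEN_DEBUG
 kDebug( 6036 ) << "unknown entity!";
 #endif
- checkBuffer(10);
+ checkBuffer(11);
 // ignore the sequence, add it to the buffer as plaintext
 *dest++ = '&';
 for(unsigned int i = 0; i < cBufferPos; i++)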
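Review bot: The reservation in `checkBuffer(11);` is still a bare constant, so it is only correct while cBufferPos can never exceed 10, and that bound is enforced somewhere outside this hunk. The writes that follow emit one '&' plus cBufferPos bytes, so the reserve would be safer derived from that count, for example `checkBuffer(cBufferPos + 1);`. Failing that, add a comment such as `// 1 for '&' + at most 10 buffered entity chars` so a later change to the entity length limit does not silently reintroduce the off-by-one. The body of the for loop and anything written after it lie outside the hunk, so it is worth confirming that no further byte is appended to dest before the next checkBuffer call.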